嵌入式系统的安全启动机制研究与实现  被引量:17

Research and implementation of secure boot mechanism for embedded systems

在线阅读下载全文

作  者:赵波[1,2] 费永康 向騻[1,2] 李逸帆[1,2] 

机构地区:[1]武汉大学计算机学院,武汉430072 [2]武汉大学空天信息安全与可信计算教育部重点实验室,武汉430072

出  处:《计算机工程与应用》2014年第10期72-77,共6页Computer Engineering and Applications

基  金:国家973重点基础研究发展计划(No.2014CB340600);国家自然科学基金重点项目(No.61332019);国家自然科学基金(No.61173138;No.61272452);湖北省重点新产品新工艺研究开发项目(No.2012BAA03004);企业合作项目(No.YB2012120174;No.YB2013110084)

摘  要:针对目前移动智能平台系统面临的安全威胁,利用可信计算技术解决嵌入式系统的安全问题,是一种可行且高效的安全解决方案。在不改变现有移动设备硬件架构的前提下,提出了一种嵌入式平台系统的安全启动机制,将安全TF卡作为外置可信平台模块,构建了一条从Bootloader到上层应用程序的完整的信任链,该信任链的起点保护在安全TF卡的安全区域内,启动过程中各个组件的度量标准值由安全TF卡中的密钥签名存放。描述了该机制的实现过程,并对其安全性、效率进行了详细的分析测试。实验结果显示,该机制能够抵御针对嵌入式平台的多种攻击,有效保护嵌入式系统安全。Currently, intelligent mobile platform is facing with a series of security threats. One feasible and effective solution for those threats is leveraging trusted computing technology to guarantee the security of embedded systems. In this paper, a secure boot mechanism for embedded system is designed without changing the existing mobile device hardware architecture. This paper presents a complete trust chain from bootloader to upper-layer applications, in which the security TF card plays a role as external trusted platform. The starting point of the trust chain is stored in the secure area of TF card and the measurement reference value for securely booting is signed by the secret key in security TF card before stored. This paper also describes the implementation of the mechanism and carries out detailed analysis focusing on security and efficiency. The experimental results show that the mechanism can defense a variety of attacks on embedded platform, and effectively protect the security of the embedded system.

关 键 词:可信计算 可信计算平台 信任链 嵌入式系统 安全启动 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象